Dob-in obligations lacking whistleblower protections, joint bodies warn

A raft of professional bodies and associations have raised concerns that the TPB’s guidance on the breach reporting obligations does not address how the whistleblower protection rules will apply to the new rules.

In a recent submission, the major accounting bodies, along with other industry associations, said the guidance should explain the relationship between the whistleblower protection rules and breach reporting rules.

The joint bodies also want guidance to explain whether the two sets of rules function independently of one another, or in circumstances in which a reporting practitioner under the breach reporting rules can be considered an ‘eligible whistleblower’ under the definition in section 14ZZU of the Taxation Administration Act.

“Feedback from practitioners indicates that there is a widespread perception that when a practitioner reports another practitioner under the breach reporting rules, the reporting practitioner will be shielded under the whistleblower protection rules,” the submission said.

In our view, this may be a misconception, based on the meaning of ‘eligible whistleblower’ in section 14ZZU of the TAA.

The definition of ‘eligible whistleblower’ in section 14ZZU of the TAA states that an individual can be considered eligible if they fall into any of the following categories in relation to an entity:

1. An officer of the entity as defined by the Corporations Act 2001 (Cth).

2. An employee of the entity.

3. An individual who provides services or goods to the entity, whether paid or unpaid.

4. An employee of a person who supplies services or goods to the entity, whether paid or unpaid.

5. An individual who is an associate of the entity as defined by section 318 of the Income Tax Assessment Act 1936 (Cth) (ITAA 1936).

6. A spouse or child of an individual mentioned in any of the previous categories.

7. A dependent of an individual mentioned in any of the previous categories or their spouse.

8. An individual prescribed by the regulations for this purpose in relation to the entity.

Schedule 2 to the Treasury Laws Amendment (Tax Accountability and Fairness) Act 2023 amends the whistleblower protection rules by expanding the protection to include disclosures to the TPB and existing protection where disclosures are made to the Tax Commissioner.

As the amendments to the whistleblower protection rules were only enacted on 31 May 2024, the joint bodies acknowledged that the TPB would need time to provide guidance.

“However, it is important to note that the amendments do not change the definition of eligible whistleblower,” the submission said.

It noted that under paragraph 318(1)(b) of the ITAA 1936, a partner in a partnership is an associate of another partner in that same partnership.

However, two unrelated practitioners will generally not be associates of each other, it said.

“Therefore, a reporting practitioner who is a partner at the same firm as the practitioner whose conduct is reported should be considered an eligible whistleblower as they are an ‘associate’ under section 318 of the ITAA 1936,” the submission said.

“In contrast, a practitioner who reports a reportable breach by another practitioner to the TPB or the Commissioner, but is unrelated to that other practitioner, and does not otherwise fall within any of the categories, will not be an eligible whistleblower and therefore will not be entitled to receive any protection under that framework.”

The joint bodies warned this discrepancy means that a practitioner reporting a reportable breach by a partner at the same firm is entitled to receive protection not afforded to them when they report an unrelated practitioner.

“In our view, there is no basis for this inconsistency,” the joint bodies said.

“While the amendments are a policy issue that is not a matter for the TPB, and do not alter the definition of ‘eligible whistleblower’, we recommend that the TPB should update its guidance to provide more clarity to practitioners on this aspect.”

The joint bodies also said the TPB should take steps to safeguard the privacy of reporting practitioners who do not wish to be identified as the practitioner who is the subject of the reportable breach.

The online complaint form currently enables practitioners to submit complaints anonymously.

“However, while practitioners should not be able to report breaches anonymously to the TPB (else they could not prove that they had met their breach reporting obligations among other reasons), they should be able to indicate if they want to safeguard the confidentiality of their identity from a practitioner when reporting a reportable breach by that practitioner,” the submission said.

“This could be achieved through a checkbox option on the online form if that is what is proposed to be used for such reporting.”